September 23, 2020

The NATF has posted the "Revision Process for the Energy Sector Supply Chain Risk Questionnaire and NATF Cyber Security Criteria for Suppliers" for industry use. 

The purpose of this process is to facilitate periodic reviews and modifications of the NATF “Energy Sector Supply Chain Risk Questionnaire” (Questionnaire) and the “NATF Cyber Security Criteria for Suppliers” (Criteria), which were developed for industry-wide use to drive consistency of information obtained from suppliers of bulk power system hardware, software, and services.  

Consistent with the NATF’s open, collaborative, and consensus-based approach, modifications via this process will be made with consideration of input from across industry and will include adding, deleting, or modifying individual questions in the Questionnaire or individual criterion in the Criteria as well as adding, deleting, or modifying mappings to security frameworks (e.g., SOC2, ISO27001, etc.).  

The process is available on the NATF Supply Chain Cyber Security Industry Coordination page.